AWS OpsWorks SSH Permission denied (publickey)

3
votes

In order to deploy an instance of a Rails application on AWS OpsWorks, I have to define an SSH key for the instance. I followed the steps provided in the help page: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-ssh.html#workinginstances-ssh-third

  1. I created the key pair and downloaded the .pem file: AWSRails.pem
  2. I've changed the chmod of the file to 600
  3. In the stack page, I added the default SSH key to the previously created one (step 1)
  4. In the Instance page, I get the public DNS name: ec2-54-72-154-78.eu-west-1.compute.amazonaws.com
  5. In the same page, I get the Operating system: Amazon Linux

  6. In the terminal, I attempted to establish a ssh connection to the instance:

    ssh -v -i ~/Downloads/AWSRails.pem [email protected]

I had the following output:

OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: Connecting to ec2-54-72-154-78.eu-west-1.compute.amazonaws.com [54.72.154.78] port 22.
debug1: Connection established.
debug1: identity file AWSRails.pem type -1
debug1: identity file AWSRails.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA f0:52:63:a5:cf:d9:62:bc:f7:b9:f9:04:a7:05:93:5e
debug1: Host 'ec2-54-72-154-78.eu-west-1.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/Hassen/.ssh/known_hosts:12
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/Hassen/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: AWSRails.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

Reading the debug message, the connexion was established and everything works fine, until publickey authentication method. I tried many of the same issues found on StackOverflow, but none worked.

Do you have any idea? Thanks.

2
amazon-web-servicessshamazon-ec2
are you sure you didn't create your instance with Ubuntu? Does the instance show up in amazon dashboard as having AWSRails.pem as its key?ffflabs
You're right on the second point. I had to shutdown the instance and add the pem key... Now, I can't relaunch the instance (fails during the setup phase,) and still having publickey error when deploying from github: Permission denied (publickey). But I can access to the remote AWS instance with SSH.htaidirt
agreed with the first comment. are you positive you used the amazon linux instance type? the ubuntu instance has a different default user.Paul Frederiksen

2 Answers

0
votes

Two potential solutions:

  1. Do you have SSH turned on for your user? Check your Permissions (from the dashboard IIRC). If it's just you on the stack then probably you already have permissions, but I know I've had to make sure to turn it when adding members to my development team. For more details see the AWS OpsWorks page on SSH

  2. All my "ssh into OpsWorks instances" scripts always do ssh add-key ec2-keypair.pem before actually trying to SSH. I believe this is the key given to you during initial stack creation??? or something? Anyway, if you have that key around, try ssh add-key. It may also depend on how you have your OpsWorks set up (personal keys vs one default key)...

0
votes

It’s worth checking if the username is what you expect it to be. I had exactly the same error, and it was because I was using Ubuntu instances rather than Amazon Linux, but this may not be the only reason for having a different username.

The Opsworks console’s SSH login page suggests userexamplecom as the SSH username for an AWS/IAM user with [email protected] as a login. But for Ubuntu it’s ubuntu, Amazon Linux or Red Hat it’s ec2-user, and Debian it’s admin. More details here (I haven’t used all of these personally).

A good tip from the linked article is to try:

$ ssh root@hostname

As some systems will respond with something like:

Please login as the user "ubuntu" rather than the user "root".